Troj/Agent-ZCT
Posted: December 4, 2012
Threat Metric
The following fields, each listed on the Threat Meter with a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 16 |
| First Seen: | December 4, 2012 |
| Last Seen: | June 2, 2023 |
| OS(es) Affected: | Windows |
Also identified by the alias Trojan.Agent.AXMO, Troj/Agent-ZCT is a Trojan that is installed on compromised Windows PCs via drive-by-download browser exploits. As of the time of this article's writing, SpywareRemove.com malware experts can confirm that installation attacks for Troj/Agent-ZCT are hosted on gyalwarinpoche.com, a website dedicated to the Dalai Lama. However, because this threat has only recently emerged, most web analysis tools and companies have yet to flag gyalwarinpoche.com as dangerous. Any contact with gyalwarinpoche.com may result in an infection of Troj/Agent-ZCT for Windows users, or a separate backdoor Trojan for Mac users. Removing Troj/Agent-ZCT, whenever necessary, should be handled with appropriate anti-malware software, since Troj/Agent-ZCT is malicious software that may include defenses against being identified or deleted.
When Piety Crosses Over into Personal Attacks for Troj/Agent-ZCT
Troj/Agent-ZCT's presence on the web largely is confined to the site gyalwarinpoche.com, which claims to be an official source for information on Tibet's Dalai Lama. SpywareRemove.com malware researchers note that gyalwarinpoche.com uses the same name as the official YouTube channel for the Dalai Lama and has been attacking PCs for nearly the same time span, even though the actual 'official' website is dalailama.com. Although the majority of gyalwarinpoche.com's content is safe, as of the time of this article's writing, gyalwarinpoche.com also hosts Java-based exploits that can install malware onto any vulnerable computer.
These exploits can attack both Windows and Mac PCs that don't have Java disabled for their respective web browsers (which SpywareRemove.com malware experts often recommend as a basic security precaution). Although Windows PCs will receive a payload of Troj/Agent-ZCT, Mac computers will be treated to Backdoor:OSX/Dockster.A: a backdoor Trojan that can record your keyboard input to steal typed information, as well as download and install other malware.
Unfortunately, the website gyalwarinpoche.com also has a history of being compromised in this manner. Web browser security is, therefore, particularly of note for any web surfers with an interest in Dalai Lama-related sites both for the present and the indefinite future.
Troj/Agent-ZCT and the Danger of Visiting a Website with Your Guard Down
The SpywareRemove.com malware research team considers Troj/Agent-ZCT to be a potential high-level threat to your PC's safety due to its likely inclusion of backdoor-related functions. Some attacks that Troj/Agent-ZCT may be responsible for launching include:
- Attempts to steal personal information (through keylogger functions, MitB attacks and other methods, as shared by its Mac counterpart Backdoor:OSX/Dockster.A).
- Efforts to undermine your PC's security by changing your system or browser settings. You may be unable to view Hidden files, have Internet Explorer's security zones disabled or be unable to use basic Windows features like the UAC.
- Security-related programs like Task Manager may be blocked by Troj/Agent-ZCT.
- Other malware with additional capabilities also may be installed by Troj/Agent-ZCT.
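The settings symptoms in the list above can be checked from saved `reg query` output. This is an added example, not code from SpywareRemove.com, and the page does not name the registry values Troj/Agent-ZCT changes: the three values below are the standard Windows settings behind Task Manager, UAC and the "show hidden files" option, and the sample output is constructed.

```python
import re

# Standard Windows settings behind the symptoms listed above (an assumption:
# the page does not say which values this Trojan touches).
# (lower-cased key, lower-cased value name) -> (healthy DWORD, symptom)
BASELINE = {
    (r"hkey_current_user\software\microsoft\windows\currentversion\policies\system",
     "disabletaskmgr"): (0, "Task Manager blocked"),
    (r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system",
     "enablelua"): (1, "UAC disabled"),
    (r"hkey_local_machine\software\microsoft\windows\currentversion\explorer"
     r"\advanced\folder\hidden\showall",
     "checkedvalue"): (1, "Hidden files cannot be shown"),
}

VALUE_RE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$")

def parse_reg_query(text):
    """Parse `reg query` text into {(key, value_name): int}, REG_DWORD only."""
    values, key = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip().lower()
        else:
            m = VALUE_RE.match(line)
            if m and key:
                values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values

def audit(text):
    """Return symptoms whose value is present and differs from the baseline."""
    found = parse_reg_query(text)
    return [symptom for k, (healthy, symptom) in BASELINE.items()
            if k in found and found[k] != healthy]

# Constructed sample: Task Manager policy set, UAC off, SHOWALL untouched.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableTaskMgr    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
    EnableLUA    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
    CheckedValue    REG_DWORD    0x1
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_REG_QUERY):
        print("tampered setting:", finding)
```

A value that is absent from the output is not flagged, so a clean result only means none of the captured values differ from the baseline.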
Disabling your browser's Java feature should keep you safe from Troj/Agent-ZCT's identified infection vectors. However, any Troj/Agent-ZCT infection should be removed with anti-malware software that can also detect and remove any related malware that could be included in a Troj/Agent-ZCT-related payload. As noted earlier, SpywareRemove.com malware researchers emphasize that Mac users are also vulnerable to this exploit, albeit with a different Trojan.